package com.hikw.configuration;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @Description: Security配置类
 * @ClassNmae: SecurityConfiguration
 * @Author: 何同学
 * @DateTime: 2022-02-18 15:57
 **/
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {


    @Override
    protected void configure(HttpSecurity http) throws Exception {
        /*
        authorizeRequests()：开启权限管理
        anyRequest()：匹配所有请求
        mvcMatchers()：匹配某个请求
        permitAll()：对匹配请求放行
        authenticated()：对匹配请求进行认证
        and():指定做什么认证
        formLogin():表单认证
        loginPage("/login"):自定义登陆界面
         */
        //开启权限管理
        http.authorizeRequests()
                //匹配请求直接放行
                .mvcMatchers("/index", "/login").permitAll()
                //匹配请求认证后放行
//                .mvcMatchers("/about").authenticated()
                //除直接放行的请求其他请求全部需要认证
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/login");
//    ...and().formLogin()===http.formLogin();
    }
}
